154 CVEs tracked today. 7 Critical, 39 High, 89 Medium, 10 Low.
-
CVE-2025-66644
HIGH
CVSS 7.2
Array Networks ArrayOS AG before 9.4.5.9 contains an OS command injection vulnerability (CVE-2025-66644, CVSS 7.2) that has been actively exploited in the wild from August through December 2025. KEV-listed, this vulnerability in the VPN/SSL-VPN appliance enables authenticated attackers to execute arbitrary commands on the network edge device.
Command Injection
Arrayos Ag
-
CVE-2025-66570
CRITICAL
CVSS 10.0
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can inject headers named REMOTE_ADDR, REMOTE_PORT, LOCAL_ADDR, LOCAL_PORT that are parsed into the request header multimap via read_headers() in httplib.h (headers.emplace), then the server later appends its own internal metadata using the same header names in Server::process_request without erasing duplicates. Because Request::get_header_value returns the first entry for a header key (id == 0) and the client-supplied headers are parsed before server-inserted headers, downstream code that uses these header names may inadvertently use attacker-controlled values. Affected files/locations: cpp-httplib/httplib.h (read_headers, Server::process_request, Request::get_header_value, get_header_value_u64) and cpp-httplib/docker/main.cc (get_client_ip, nginx_access_logger, nginx_error_logger). Attack surface: attacker-controlled HTTP headers in incoming requests flow into the Request.headers multimap and into logging code that reads forwarded headers, enabling IP spoofing, log poisoning, and authorization bypass via header shadowing. This vulnerability is fixed in 0.27.0.
Authentication Bypass
Docker
Ubuntu
Debian
Cpp Httplib
-
CVE-2025-66562
CRITICAL
CVSS 9.6
TUUI is a desktop MCP client designed as a tool unitary utility integration.
XSS
RCE
Tuui
-
CVE-2025-64054
CRITICAL
CVSS 9.6
A reflected Cross Site Scripting (XSS) vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via a crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint.
XSS
Denial Of Service
X210 Firmware
-
CVE-2025-34291
HIGH
CVSS 8.8
Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. An attacker-controlled origin can therefore obtain fresh access_token / refresh_token pairs for a victim session. Obtained tokens permit access to authenticated endpoints - including built-in code-execution functionality - allowing the attacker to execute arbitrary code and achieve full system compromise.
RCE
Langflow
-
CVE-2025-34256
CRITICAL
CVSS 9.8
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for signing EIRMMToken JWTs across all installations. The server accepts forged JWTs that need only contain a valid email claim, allowing a remote unauthenticated attacker to generate arbitrary tokens and impersonate any DeviceOn account, including the root super admin. Successful exploitation permits full administrative control of the DeviceOn instance and can be leveraged to execute code on managed agents through DeviceOn’s remote management features.
RCE
Wise Deviceon Server
-
CVE-2025-13313
CRITICAL
CVSS 9.8
The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 2.5. This is due to missing authorization and authentication checks on the `ntzcrm_changepassword` AJAX action. This makes it possible for unauthenticated attackers...
Privilege Escalation
Authentication Bypass
WordPress
-
CVE-2025-12374
CRITICAL
CVSS 9.8
The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login - User Verification plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.39. This is due to the plugin not properly validating that an OTP was generated b...
Authentication Bypass
WordPress
-
CVE-2020-36877
CRITICAL
CVSS 9.3
ReQuest Serious Play F3 Media Server 7.0.3 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands as the web server user. Attackers can upload PHP executable files via the Quick File Uploader page, resulting in remote code execution on the server.
PHP
Command Injection
RCE
-
CVE-2025-66624
HIGH
CVSS 7.5
BACnet Protocol Stack library provides a BACnet application layer, network layer and media access (MAC) layer communications services. Prior to 1.5.0.rc2, the npdu_is_expected_reply function in src/bacnet/npdu.c indexes request_pdu[offset+2/3/5] and reply_pdu[offset+1/2/4] without verifying that those APDU bytes exist. bacnet_npdu_decode() can return offset == 2 for a 2-byte NPDU, so tiny PDUs pass the version check and then get read out of bounds. On ASan/MPU/strict builds this is an immediate crash (DoS). On unprotected builds it is undefined behavior and can mis-route replies; RCE is unlikely because only reads occur, but DoS is reliable.
Buffer Overflow
Information Disclosure
Bacnet Stack
-
CVE-2025-66623
HIGH
CVSS 7.4
Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. From 0.47.0 and prior to 0.49.1, in some situations, Strimzi creates an incorrect Kubernetes Role which grants the Apache Kafka Connect and Apache Kafka MirrorMaker 2 operands GET access to all Kubernetes Secrets that exist in the given Kubernetes namespace. The issue is fixed in Strimzi 0.49.1.
Information Disclosure
Kubernetes
Apache
Strimzi
Redhat
-
CVE-2025-66566
HIGH
CVSS 8.2
yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is reused without being cleared, this may lead to disclosure of sensitive data. JNI-based implementations are not affected. This vulnerability is fixed in 1.10.1.
Information Disclosure
Java
Ubuntu
Debian
Redhat
-
CVE-2025-66471
HIGH
CVSS 7.5
A security vulnerability in version 1.0 and (CVSS 7.5). High severity vulnerability requiring prompt remediation. Vendor patch is available.
Information Disclosure
Python
Ubuntu
Debian
Urllib3
-
CVE-2025-66418
HIGH
CVSS 7.5
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps, leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.
Python
Denial Of Service
Ubuntu
Debian
Urllib3
-
CVE-2025-65897
HIGH
CVSS 8.8
zdh_web is a data collection, processing, monitoring, scheduling, and management platform. In zdh_web through 5.6.17, insufficient validation of file upload paths in the application allows an authenticated user to write arbitrary files to the server file system, potentially overwriting existing files and leading to privilege escalation or remote code execution.
Privilege Escalation
Path Traversal
File Upload
RCE
Zdh Web
-
CVE-2025-65879
HIGH
CVSS 8.1
Warehouse Management System 1.2 contains an authenticated arbitrary file deletion vulnerability. The /goods/deleteGoods endpoint accepts a user-controlled goodsimg parameter, which is directly concatenated with the server's UPLOAD_PATH and passed to File.delete() without validation. A remote authenticated attacker can delete arbitrary files on the server by supplying directory traversal payloads.
Path Traversal
Warehouse Management System
-
CVE-2025-65878
HIGH
CVSS 7.5
The warehouse management system version 1.2 contains an arbitrary file read vulnerability. The endpoint `/file/showImageByPath` does not sanitize user-controlled path parameters. An attacker could exploit directory traversal to read arbitrary files on the server's file system. This could lead to the leakage of sensitive system information.
Path Traversal
Warehouse Management System
-
CVE-2025-65730
HIGH
CVSS 8.8
Authentication Bypass via Hardcoded Credentials: GoAway up to v0.62.18, fixed in 0.62.19, uses a hardcoded secret for signing the JWT tokens used for authentication.
Authentication Bypass
Goaway
-
CVE-2025-65036
HIGH
CVSS 8.3
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to 1.27.1, the macro executes Velocity from the details pages without checking for permissions, which can lead to remote code execution. This vulnerability is fixed in 1.27.1.
Authentication Bypass
Atlassian
RCE
Pro Macros
-
CVE-2025-64057
HIGH
CVSS 8.3
Directory traversal vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store files in arbitrary locations and potentially modify the system configuration or cause other unspecified impacts.
Path Traversal
X210 Firmware
-
CVE-2025-64053
HIGH
CVSS 7.5
A buffer overflow vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via a crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint.
Buffer Overflow
Denial Of Service
X210 Firmware
-
CVE-2025-59775
HIGH
CVSS 7.5
Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off can potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content.
Users are recommended to upgrade to version 2.4.66, which fixes the issue.
Microsoft
Apache
SSRF
Ubuntu
Debian
-
CVE-2025-58098
HIGH
CVSS 8.3
CVE-2025-58098 is a security vulnerability (CVSS 8.3). High severity vulnerability requiring prompt remediation.
Information Disclosure
Apache
Ubuntu
Debian
Http Server
-
CVE-2025-55753
HIGH
CVSS 7.5
An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds.
This issue affects Apache HTTP Server: from 2.4.30 before 2.4.66.
Users are recommended to upgrade to version 2.4.66, which fixes the issue.
Buffer Overflow
Integer Overflow
Apache
Ubuntu
Debian
-
CVE-2025-46603
HIGH
CVSS 7.0
Dell CloudBoost Virtual Appliance, versions 19.13.0.0 and prior, contains an Improper Restriction of Excessive Authentication Attempts vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.
Authentication Bypass
Dell
Cloudboost Virtual Appliance
-
CVE-2025-14108
HIGH
CVSS 8.8
A weakness has been identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this issue is the function zfilev2_api.OpenSafe of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation of the argument safe_dir causes command injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure and confirmed the existence of the vulnerability. A technical fix is planned to be released.
Command Injection
Q2c Nas Firmware
-
CVE-2025-14107
HIGH
CVSS 8.8
A security flaw has been discovered in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this vulnerability is the function zfilev2_api.SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation of the argument safe_dir results in command injection. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure and confirmed the existence of the vulnerability. A technical fix is planned to be released.
Command Injection
Q2c Nas Firmware
-
CVE-2025-14106
HIGH
CVSS 8.8
A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected is the function zfilev2_api.CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. The manipulation of the argument safe_dir leads to command injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure and confirmed the existence of the vulnerability. A technical fix is planned to be released.
Command Injection
Q2c Nas Firmware
-
CVE-2025-14091
HIGH
CVSS 7.3
A weakness has been identified in TrippWasTaken PHP-Guitar-Shop up to 6ce0868889617c1975982aae6df8e49555d0d555. This vulnerability affects unknown code of the file /product.php of the component Product Details Page. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.
PHP
SQLi
-
CVE-2025-13654
HIGH
CVSS 7.5
A stack buffer overflow vulnerability exists in the buffer_get function of duc, a disk management tool, where a condition can evaluate to true due to underflow, allowing an out-of-bounds read.
Buffer Overflow
Memory Corruption
Ubuntu
Debian
Duc
-
CVE-2025-13614
HIGH
CVSS 8.1
The Cool Tag Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cool_tag_cloud' shortcode in all versions up to, and including, 2.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
WordPress
XSS
PHP
-
CVE-2025-13426
HIGH
CVSS 8.7
A vulnerability exists in Google Apigee's JavaCallout policy https://docs.apigee.com/api-platform/reference/policies/java-callout-policy that allows for remote code execution.
It is possible for a user to write a JavaCallout that injects a malicious object into the MessageContext to execute arbitrary Java code and system commands at runtime, leading to unauthorized access to data, lateral movement within the network, and access to backend systems.
The Apigee hybrid versions below have all been updated to protect from this vulnerability:
* Hybrid_1.11.2+
* Hybrid_1.12.4+
* Hybrid_1.13.3+
* Hybrid_1.14.1+
* OPDK_5202+
* OPDK_5300+
Authentication Bypass
Google
Java
RCE
-
CVE-2025-13066
HIGH
CVSS 8.8
The Demo Importer Plus plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.0.6. This is due to insufficient file type validation detecting WXR files, allowing double extension files to bypass sanitization while being accepted as a valid WXR file. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
File Upload
WordPress
RCE
PHP
-
CVE-2025-12879
HIGH
CVSS 8.8
The User Generator and Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is due to missing nonce validation in the "Import Using CSV File" function. This makes it possible for unauthenticated attackers to elevate user privileges by creating arbitrary accounts with administrator privileges via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
CSRF
WordPress
PHP
-
CVE-2025-12851
HIGH
CVSS 8.1
The My auctions allegro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.32 via the 'controller' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
PHP
WordPress
RCE
Information Disclosure
Lfi
-
CVE-2025-12850
HIGH
CVSS 7.5
The My auctions allegro plugin for WordPress is vulnerable to SQL Injection via the ‘auction_id’ parameter in all versions up to, and including, 3.6.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
WordPress
SQLi
PHP
-
CVE-2025-12181
HIGH
CVSS 8.8
The ContentStudio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the cstu_update_post() function in all versions up to, and including, 1.3.7. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitra...
File Upload
WordPress
RCE
-
CVE-2025-12154
HIGH
CVSS 8.8
The Auto Thumbnailer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadThumb() function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
File Upload
WordPress
RCE
PHP
-
CVE-2025-12153
HIGH
CVSS 8.8
The Featured Image via URL plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation function in all versions up to, and including, 0.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
File Upload
WordPress
RCE
PHP
-
CVE-2024-9183
HIGH
CVSS 7.7
A security vulnerability in GitLab CE/EE affecting all (CVSS 7.7). High severity vulnerability requiring prompt remediation.
Information Disclosure
Gitlab
Debian
-
CVE-2020-36882
HIGH
CVSS 7.5
Flexsense DiskBoss 7.7.14 allows unauthenticated attackers to upload arbitrary files via /Command/Search Files/Directory field, leading to a denial of service by crashing the application.
File Upload
Denial Of Service
Diskboss
-
CVE-2020-36881
HIGH
CVSS 7.8
Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Input Directory' component that allows unauthenticated attackers to execute arbitrary code on the system. Attackers can exploit this by pasting a specially crafted directory path into the 'Add Input Directory' field.
Buffer Overflow
RCE
Diskboss
-
CVE-2020-36880
HIGH
CVSS 7.8
Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Reports and Data Directory' field that allows an attacker to execute arbitrary code on the system.
Buffer Overflow
RCE
Diskboss
-
CVE-2020-36879
HIGH
CVSS 8.5
Flexsense DiskBoss 11.7.28 allows unauthenticated attackers to elevate their privileges using any of its services, enabling remote code execution during startup or reboot with escalated privileges. Attackers can exploit the unquoted service path vulnerability by specifying a malicious service name in the 'sc qc' command, allowing them to execute arbitrary system commands.
RCE
-
CVE-2020-36878
HIGH
CVSS 8.7
A remote code execution vulnerability in and script is not properly verified (CVSS 8.7). Risk factors: public PoC available.
Information Disclosure
-
CVE-2020-36876
HIGH
CVSS 8.7
ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 allow unauthenticated attackers to disclose the webserver's Python debug log file containing system information, credentials, paths, processes and command arguments running on the device. Attackers can access sensitive information by visiting the message_log page.
Information Disclosure
Python
-
CVE-2025-66581
MEDIUM
CVSS 6.5
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.41.0, a flaw in the server-side authorization logic allowed authenticated users to perform actions beyond their assigned roles across multiple features. Because the affected endpoints relied on client-side or UI-level checks instead of enforcing permissions on the server, users with low-privileged roles (such as students) could perform operations intended only for instructors or administrators by calling the APIs directly. This vulnerability is fixed in 2.41.0.
Authentication Bypass
Learning
-
CVE-2025-66577
MEDIUM
CVSS 5.3
A security vulnerability in cpp-httplib (CVSS 5.3) that allows attacker-controlled http headers. Risk factors: public PoC available. Vendor patch is available.
Docker
Information Disclosure
Ubuntu
Debian
Cpp Httplib
-
CVE-2025-66557
MEDIUM
CVSS 5.4
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with "Can share" permission to modify the permissions of other recipients. This vulnerability is fixed in 1.14.6 and 1.15.2.
Authentication Bypass
Deck
Nextcloud
-
CVE-2025-66553
MEDIUM
CVSS 4.3
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated users were able to view metadata of columns in other tables of the Tables app by modifying the numeric ID in a request. This vulnerability is fixed in 0.8.7 and 0.9.4.
Authentication Bypass
Tables
Nextcloud
-
CVE-2025-66552
MEDIUM
CVSS 4.3
A security vulnerability in Nextcloud Server and Enterprise Server (CVSS 4.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Information Disclosure
Debian
Nextcloud Server
Nextcloud
-
CVE-2025-66551
MEDIUM
CVSS 6.3
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.6 and 0.9.3, a malicious user was able to create their own table and then move a column to a victim's table. This vulnerability is fixed in 0.8.6 and 0.9.3.
Authentication Bypass
Tables
Nextcloud
-
CVE-2025-66550
MEDIUM
CVSS 5.7
A security vulnerability in Nextcloud Calendar (CVSS 5.7). Risk factors: public PoC available. Vendor patch is available.
Information Disclosure
Calendar
Nextcloud
-
CVE-2025-66547
MEDIUM
CVSS 4.3
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1.
Authentication Bypass
Debian
Nextcloud Server
Nextcloud
-
CVE-2025-66513
MEDIUM
CVSS 4.3
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information about which table (numeric ID) is shared with which groups or users, and with which permissions, was not restricted to privileged users. This vulnerability is fixed in 0.8.9, 0.9.6, and 1.0.1.
Authentication Bypass
Tables
Nextcloud
-
CVE-2025-66512
MEDIUM
CVSS 5.4
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user into viewing an uploaded SVG outside of the Nextcloud Server's web page.
XSS
Debian
Nextcloud Server
Nextcloud
Suse
-
CVE-2025-66511
MEDIUM
CVSS 4.8
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The tokens are not purely randomly generated. This vulnerability is fixed in 6.0.3.
Information Disclosure
Calendar
Nextcloud
-
CVE-2025-66510
MEDIUM
CVSS 4.5
A security vulnerability in Nextcloud Server (CVSS 4.5) that allows an authenticated user. Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Information Disclosure
Debian
Nextcloud Server
Nextcloud
-
CVE-2025-66270
MEDIUM
CVSS 4.7
The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49.
Authentication Bypass
Google
Ubuntu
Debian
Android
-
CVE-2025-66200
MEDIUM
CVSS 5.4
A security vulnerability in Apache HTTP Server (CVSS 5.4). Remediation should follow standard vulnerability management procedures.
Authentication Bypass
Apache
Ubuntu
Debian
Http Server
-
CVE-2025-65082
MEDIUM
CVSS 6.5
A security vulnerability in Apache HTTP Server (CVSS 6.5). Remediation should follow standard vulnerability management procedures.
Information Disclosure
Apache
Ubuntu
Debian
Http Server
-
CVE-2025-64056
MEDIUM
CVSS 4.3
File upload vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store arbitrary files on the filesystem.
File Upload
Authentication Bypass
X210 Firmware
-
CVE-2025-64052
MEDIUM
CVSS 5.1
An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to execute arbitrary system commands.
Command Injection
X210 Firmware
-
CVE-2025-62223
MEDIUM
CVSS 4.3
User interface (UI) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.
Microsoft
Authentication Bypass
Apple
Edge Chromium
iOS
-
CVE-2025-34266
MEDIUM
CVSS 5.4
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/plugin-config/addins/menus endpoint. When an authenticated user adds or edits an AddIns menu entry, the label and path values are stored in plugin configuration data and later rendered in the AddIns UI without proper HTML sanitization. An attacker can inject malicious script into either field, which is then executed in the browser context of users who view or interact with the affected AddIns entry, potentially enabling session compromise and unauthorized actions as the victim.
XSS
Wise Deviceon Server
-
CVE-2025-34265
MEDIUM
CVSS 5.4
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/rule-engines endpoint. When an authenticated user creates or updates a rule for an agent, the rule fields min, max, and unit are stored and later rendered in rule listings or detail views without proper HTML sanitization. An attacker can inject malicious script into one or more of these fields, which is then executed in the browser context of users who view or interact with the affected rule, potentially enabling session compromise and unauthorized actions as the victim.
XSS
Wise Deviceon Server
-
CVE-2025-34264
MEDIUM
CVSS 5.4
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/dog/{agentId} endpoint. When an authenticated user adds or edits Software Watchdog process rules for an agent, the monitored process name is stored in the settings array and later rendered in the Software Watchdog UI without proper HTML sanitization. An attacker can inject malicious script into the process name, which is then executed in the browser context of users who view or interact with the affected rules, potentially enabling session compromise and unauthorized actions as the victim.
XSS
Wise Deviceon Server
-
CVE-2025-34263
MEDIUM
CVSS 5.4
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/plugin-config/dashboards/menus endpoint. When an authenticated user adds or edits a dashboard entry, the label and path values are stored in plugin configuration data and later rendered in the dashboard UI without proper HTML sanitization. An attacker can inject malicious script into either field, which is then executed in the browser context of users who view or interact with the affected dashboard, potentially enabling session compromise and unauthorized actions as the victim.
XSS
Wise Deviceon Server
-
CVE-2025-34262
MEDIUM
CVSS 5.4
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devices/name/{agent_id} endpoint. When an authenticated user renames a device, the new_name value is stored and later rendered in device listings or detail views without proper HTML sanitization. An attacker can inject malicious script into the device name, which is then executed in the browser context of users who view or interact with the affected device, potentially enabling session compromise and unauthorized actions as the victim.
XSS
Wise Deviceon Server
-
CVE-2025-34261
MEDIUM
CVSS 5.4
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devicegroups/ endpoint. When an authenticated user creates a device group, the name and description values are stored and later rendered in device group listings without proper HTML sanitization. An attacker can inject malicious script into either field, which is then executed in the browser context of users who view or interact with the affected device group, potentially enabling session compromise and unauthorized actions as the victim.
XSS
Wise Deviceon Server
-
CVE-2025-34260
MEDIUM
CVSS 5.4
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/action/schedule endpoint. When an authenticated user adds a schedule to an existing task, the schedule name is stored and later rendered in schedule listings without HTML sanitation. An attacker can inject malicious script into the schedule name, which is then executed in the browser context of users who view or interact with the affected schedule, potentially enabling session compromise and unauthorized actions as the victim.
XSS
Wise Deviceon Server
-
CVE-2025-34259
MEDIUM
CVSS 5.4
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devicemap/building endpoint. When an authenticated user creates a map entry, the name parameter is stored and later rendered in the map list UI without HTML sanitization. An attacker can inject malicious script into the map entry name, which is then executed in the browser context of users who view or interact with the affected map entry, potentially enabling session compromise and unauthorized actions as the victim.
XSS
Wise Deviceon Server
-
CVE-2025-34258
MEDIUM
CVSS 5.4
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devicemap/plan endpoint. When an authenticated user adds an area to a map entry, the name parameter is stored and later rendered in the map list without HTML sanitization. An attacker can inject malicious script into the area name, which is then executed in the browser context of users who view or interact with the affected map entry, potentially enabling session compromise and unauthorized actions as the victim.
XSS
Wise Deviceon Server
-
CVE-2025-34257
MEDIUM
CVSS 5.4
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/action/defined endpoint. When an authenticated user creates a task, the defined_name value is stored and later rendered in the Overview page without HTML sanitization. An attacker can inject malicious script into defined_name, which is then executed in the browser context of users who view the affected task, potentially enabling session compromise and unauthorized actions as the victim.
XSS
Wise Deviceon Server
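The five WISE-DeviceOn entries above (and the WordPress stored-XSS entries further down) share one root cause: a stored name or description is concatenated into a listing page without escaping for the HTML context it lands in. The following is an added example, not Advantech's or any plugin's code; the record shape, the payloads and the listing markup are constructed to show the unsafe rendering beside the escaped one, and a small checker that detects injected tags and event handlers in the rendered fragment.

```python
import html
from html.parser import HTMLParser

# Constructed record, as an authenticated user might submit it to a
# device-group endpoint. Both payloads are made up for the demonstration:
# one targets a text node, the other breaks out of a quoted attribute.
MALICIOUS_GROUP = {
    "name": '<img src=x onerror="alert(document.cookie)">',
    "description": '" autofocus onfocus="alert(1)',
}


def render_group_row_vulnerable(group: dict) -> str:
    """Listing row built by string concatenation: stored values reach the
    page unescaped, so markup in `name` becomes live HTML and a quote in
    `description` closes the title attribute and adds new attributes."""
    return (
        f'<tr title="{group["description"]}">'
        f'<td>{group["name"]}</td></tr>'
    )


def render_group_row_fixed(group: dict) -> str:
    """Escape for each output context. quote=True is what makes the
    attribute case safe: '"' becomes &quot; and cannot end the attribute."""
    name = html.escape(group["name"], quote=True)
    desc = html.escape(group["description"], quote=True)
    return f'<tr title="{desc}"><td>{name}</td></tr>'


class _TagCollector(HTMLParser):
    """Records every tag and every on* attribute the browser would see."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers.extend(k for k, _ in attrs if k.startswith("on"))


def injected_markup(fragment: str):
    """Return (unexpected tags, event-handler attributes) found in a rendered
    row. Only <tr> and <td> belong in a row; anything else, and any on*
    attribute, came from stored user input."""
    parser = _TagCollector()
    parser.feed(fragment)
    parser.close()
    extra_tags = [t for t in parser.tags if t not in ("tr", "td")]
    return extra_tags, parser.handlers
```

Running the checker over both renderers gives the contrast: the vulnerable row yields an injected img element and two event handlers, the escaped row yields none. The same check is a cheap regression test for any listing that renders user-controlled names.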
-
CVE-2025-32901
MEDIUM
CVSS 4.3
In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could cause an application crash.
Google
Denial Of Service
Ubuntu
Android
Redhat
-
CVE-2025-32900
MEDIUM
CVSS 4.3
No description was captured for this KDE Connect entry, which concerns its information-exchange protocol (CVSS 4.3); the feed tags it as information disclosure.
Microsoft
Information Disclosure
Google
Ubuntu
Debian
-
CVE-2025-32899
MEDIUM
CVSS 4.3
No description was captured for this KDE Connect entry (CVSS 4.3); the feed tags it as information disclosure.
Information Disclosure
Google
Ubuntu
Android
Redhat
-
CVE-2025-32898
MEDIUM
CVSS 4.7
No description was captured for this entry (CVSS 4.7); the feed tags it as information disclosure.
Information Disclosure
Google
Ubuntu
Debian
Android
-
CVE-2025-27389
MEDIUM
CVSS 5.1
A flaw exists in the verification of application installation sources within ColorOS. Under specific conditions, this issue may cause the risk detection mechanism to fail, which could allow malicious applications to be installed without proper warning.
Authentication Bypass
-
CVE-2025-14116
MEDIUM
CVSS 4.7
A vulnerability was detected in xerrors Yuxi-Know up to 0.4.0. It affects the function OtherEmbedding.aencode in the file /src/models/embed.py. Manipulation of the argument health_url results in server-side request forgery. The attack can be initiated remotely. A public exploit exists and may be used. The fix is commit 0ff771dc1933d5a6b78f804115e78a7d8625c3f3; deploying it is recommended. The vendor confirmed the vulnerability and listed security measures already in place (e.g. URL parsing disabled, URL upload mode disabled, URL-to-markdown conversion removed).
SSRF
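A "health URL" that the server fetches on the caller's behalf is the textbook SSRF sink: the interesting targets are loopback services, RFC 1918 hosts and the cloud metadata address, not the public internet. The following is an added example, not Yuxi-Know's code; the hostnames and the stub resolver table are constructed so it runs offline, and a real deployment would resolve with socket.getaddrinfo and check every returned address.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed name -> address table standing in for DNS. 93.184.216.34 is
# used as an ordinary public address; 169.254.169.254 is the link-local
# address cloud metadata services listen on.
CONSTRUCTED_DNS = {
    "embeddings.example.com": "93.184.216.34",
    "internal-metadata.example.com": "169.254.169.254",
}


def resolve(host: str) -> str:
    """Stub resolver. IP literals pass through; names go to the table.
    Production code: socket.getaddrinfo, and connect to the *checked*
    address rather than re-resolving (DNS rebinding)."""
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass
    if host in CONSTRUCTED_DNS:
        return CONSTRUCTED_DNS[host]
    raise socket.gaierror(f"unresolvable host (stub): {host}")


def is_safe_outbound_url(url: str, allowed_schemes=("http", "https")) -> bool:
    """Decide whether a server-side fetch of `url` may proceed.
    Rejects: disallowed scheme, embedded credentials, missing host,
    unresolvable host, and any address that is not globally routable
    (loopback, private, link-local, multicast, reserved, unspecified).
    IPv4-mapped IPv6 literals are judged on the embedded IPv4 address."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in allowed_schemes:
        return False
    if parts.username or parts.password or not parts.hostname:
        return False
    try:
        addr = ipaddress.ip_address(resolve(parts.hostname))
    except (socket.gaierror, ValueError):
        return False
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.is_global
```

is_global is deliberately the single predicate: it is false for every special-purpose range, so the check does not depend on remembering each one. Scheme allowlisting matters as much as the address check, since file:, gopher: and similar schemes reach things no IP filter covers.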
-
CVE-2025-14111
MEDIUM
CVSS 5.0
A security vulnerability has been detected in Rarlab RAR App up to 7.11 Build 127 on Android. It affects an unknown part of the component com.rarlab.rar and leads to path traversal. The attack can be launched remotely but is considered highly complex and difficult to exploit. A public exploit exists and may be used. Upgrading to version 7.20 build 128 mitigates this issue; the affected component should be upgraded. The vendor responded very professionally: "This is the real vulnerability affecting RAR for Android only. WinRAR and Unix RAR versions are not affected. We already fixed it in RAR for Android 7.20 build 128 and we publicly mentioned it in that version changelog. (...) To avoid confusion among users, it would be useful if such disclosure emphasizes that it is RAR for Android only issue and WinRAR isn't affected."
Path Traversal
Google
Rar
Android
-
CVE-2025-14105
MEDIUM
CVSS 4.3
A vulnerability was determined in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. This impacts an unknown function of the file /reqproc/proc_post of the component Web Interface. Executing manipulation of the argument goformId with the input REBOOT_DEVICE can lead to denial of service. The attack can only be done within the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Denial Of Service
-
CVE-2025-14104
MEDIUM
CVSS 6.1
A flaw was found in util-linux.
Buffer Overflow
Information Disclosure
Redhat
Suse
-
CVE-2025-14094
MEDIUM
CVSS 4.7
A flaw has been found in Edimax BR-6478AC V3 1.0.15. The affected element is the function sub_44CCE4 of the file /boafrm/formSysCmd. This manipulation of the argument sysCmd causes os command injection. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Command Injection
Br 6478ac V3 Firmware
-
CVE-2025-14093
MEDIUM
CVSS 4.7
A vulnerability was detected in Edimax BR-6478AC V3 1.0.15. Impacted is the function sub_416990 of the file /boafrm/formTracerouteDiagnosticRun. The manipulation of the argument host results in os command injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Command Injection
Br 6478ac V3 Firmware
-
CVE-2025-14092
MEDIUM
CVSS 4.7
A security vulnerability has been detected in Edimax BR-6478AC V3 1.0.15. This issue affects the function sub_416898 of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Command Injection
Br 6478ac V3 Firmware
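The three Edimax entries above (formSysCmd, formTracerouteDiagnosticRun, formDebugDiagnosticRun) are the classic router-CGI shape: a form field such as `host` is spliced into a command string that is handed to /bin/sh. The following is an added example, not the firmware's code, showing the vulnerable string-building pattern beside a hardened version that validates the value as an IP literal or RFC 1123 hostname and invokes the tool with an argument list and no shell. The traceroute flags are assumed for illustration.

```python
import ipaddress
import re
import subprocess

# RFC 1123 hostname: labels of letters, digits and hyphens, no leading or
# trailing hyphen, 63 chars per label, 253 total. Nothing else gets through,
# which also excludes ';', '`', '$(', whitespace and a leading '-'.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def build_traceroute_shell_vulnerable(host: str) -> str:
    """What the advisories describe: the parameter becomes part of a
    string later run through the shell, so metacharacters in `host`
    terminate traceroute's command line and start a new command."""
    return f"traceroute -m 5 {host}"


def validate_host(host: str) -> str:
    """Return a canonical host if it is an IP literal or a valid hostname;
    raise ValueError otherwise. Allowlisting the grammar is the fix, not
    blocklisting individual characters."""
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass
    if HOSTNAME_RE.match(host):
        return host
    raise ValueError(f"invalid host: {host!r}")


def build_traceroute_argv(host: str) -> list:
    """argv form: the host is exactly one argument and no shell parses it."""
    return ["traceroute", "-m", "5", validate_host(host)]


def run_traceroute(host: str, timeout: int = 30) -> str:
    """Execute with shell=False. Not exercised by the test; shown so the
    argv list is seen being used rather than re-joined into a string."""
    result = subprocess.run(
        build_traceroute_argv(host),
        capture_output=True, text=True, timeout=timeout, check=False,
    )
    return result.stdout
```

The validator is what makes the difference: with the argv form alone, a value like `-h` would still be interpreted by traceroute as an option, and with the string form no amount of quoting survives every shell. Validate the grammar, then exec without a shell.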
-
CVE-2025-14090
MEDIUM
CVSS 4.7
A security flaw has been discovered in AMTT Hotel Broadband Operation System 1.0. This affects an unknown part of the file /manager/card/cardmake_down.php. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
PHP
SQLi
Hibos
-
CVE-2025-14089
MEDIUM
CVSS 6.3
No description was captured for this Himool ERP entry (CVSS 6.3); the feed tags it as information disclosure.
Information Disclosure
-
CVE-2025-14088
MEDIUM
CVSS 6.3
No description was captured for this ketr JEPaaS entry (CVSS 6.3); the feed tags it as information disclosure.
Information Disclosure
-
CVE-2025-14086
MEDIUM
CVSS 6.3
No description was captured for this youlaitech youlai-mall entry (CVSS 6.3); a public proof of concept is reported to be available.
Information Disclosure
Youlai Mall
-
CVE-2025-14085
MEDIUM
CVSS 6.3
A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. This impacts an unknown function of the file /app-api/v1/orders/. The manipulation of the argument orderId leads to improper control of dynamically-identified variables. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Information Disclosure
Youlai Mall
-
CVE-2025-14052
MEDIUM
CVSS 6.3
No description was captured for this youlaitech youlai-mall entry (CVSS 6.3); a public proof of concept is reported to be available.
Information Disclosure
Youlai Mall
-
CVE-2025-13860
MEDIUM
CVSS 6.4
The Easy Jump Links Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `h_tags` parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
WordPress
XSS
PHP
-
CVE-2025-13739
MEDIUM
CVSS 6.4
The CryptX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `cryptx` shortcode in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wit...
WordPress
XSS
-
CVE-2025-13684
MEDIUM
CVSS 4.3
The ARK Related Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 2.19. This is due to missing or incorrect nonce validation on the ark_rp_options_page function. This makes it possible for unauthenticated attackers to modify the plugin's configuration settings via a f...
CSRF
WordPress
-
CVE-2025-13682
MEDIUM
CVSS 4.4
The Trail Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
WordPress
XSS
PHP
-
CVE-2025-13678
MEDIUM
CVSS 6.4
The Thai Lottery Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `thailottery` shortcode in all versions up to, and including, 2.5. This is due to insufficient input sanitization and output escaping on the user supplied `width` and `height` shortcode attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
WordPress
XSS
PHP
-
CVE-2025-13625
MEDIUM
CVSS 6.1
The WP-SOS-Donate Donation Sidebar Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 0.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
WordPress
XSS
PHP
-
CVE-2025-13623
MEDIUM
CVSS 6.1
The Twitscription plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the admin.php PATH_INFO in all versions up to, and including, 0.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
PHP
WordPress
XSS
-
CVE-2025-13622
MEDIUM
CVSS 6.1
The Jabbernotification plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the admin.php PATH_INFO in all versions up to, and including, 0.99-RC2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
PHP
WordPress
XSS
-
CVE-2025-13621
MEDIUM
CVSS 6.1
The dream gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'dreampluginsmain' AJAX action. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CSRF
WordPress
PHP
-
CVE-2025-13620
MEDIUM
CVSS 5.3
No description was captured for this entry in the Wp Social Login and Register Social Counter plugin for WordPress (CVSS 5.3); the feed tags it as authentication bypass.
Authentication Bypass
WordPress
-
CVE-2025-13528
MEDIUM
CVSS 5.3
No description was captured for this WordPress plugin entry (CVSS 5.3); the feed tags it as authentication bypass.
Authentication Bypass
WordPress
PHP
-
CVE-2025-13515
MEDIUM
CVSS 6.1
The Nouri.sh Newsletter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 1.0.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
WordPress
XSS
PHP
-
CVE-2025-13512
MEDIUM
CVSS 6.1
The CoSign Single Signon plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 0.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
WordPress
XSS
PHP
-
CVE-2025-13494
MEDIUM
CVSS 5.3
The SSP Debug plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0. This is due to the plugin storing PHP error logs in a predictable, web-accessible location (wp-content/uploads/ssp-debug/ssp-debug.log) without any access controls. This makes it possible for unauthenticated attackers to view sensitive debugging information including full URLs, client IP addresses, User-Agent strings, WordPress user IDs, and internal filesystem paths.
PHP
WordPress
Information Disclosure
-
CVE-2025-13362
MEDIUM
CVSS 4.3
The Norby AI plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CSRF
WordPress
PHP
-
CVE-2025-13360
MEDIUM
CVSS 4.3
The Quantic Social Image Hover plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CSRF
WordPress
PHP
-
CVE-2025-13312
MEDIUM
CVSS 5.3
No description was captured for this WordPress plugin entry (CVSS 5.3); the feed tags it as authentication bypass.
Authentication Bypass
WordPress
PHP
-
CVE-2025-13144
MEDIUM
CVSS 4.3
The ContentStudio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.7. This is due to missing or insufficient nonce validation on the add_cstu_settings function. This makes it possible for unauthenticated attackers to modify plugin settings vi...
CSRF
WordPress
-
CVE-2025-13006
MEDIUM
CVSS 5.3
The SurveyFunnel - Survey Plugin for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via several unprotected /wp-json/surveyfunnel/v2/ REST API endpoints. This makes it possible for unauthenticated attackers to extract sensitive data from survey responses.
WordPress
Information Disclosure
PHP
-
CVE-2025-12876
MEDIUM
CVSS 5.3
No description was captured for this entry in the Projectopia - WordPress Project Management plugin (CVSS 5.3); the feed tags it as authentication bypass.
Authentication Bypass
WordPress
-
CVE-2025-12804
MEDIUM
CVSS 6.4
The Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'bookingcalendar' shortcode in all versions up to, and including, 10.14.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
WordPress
XSS
PHP
-
CVE-2025-12417
MEDIUM
CVSS 6.4
The SurveyFunnel - Survey Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'surveyfunnel_lite_survey' shortcode in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
WordPress
XSS
PHP
-
CVE-2025-12373
MEDIUM
CVSS 4.3
The Torod - The smart shipping and delivery portal for e-shops and retailers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the save_settings function. This makes it possible for unau...
CSRF
WordPress
-
CVE-2025-12370
MEDIUM
CVSS 4.3
A WordPress plugin (name not captured in this entry) is vulnerable to authorization bypass in all versions up to an unrecorded release (CVSS 4.3).
Authentication Bypass
WordPress
PHP
-
CVE-2025-12368
MEDIUM
CVSS 6.4
The Sermon Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `sermon-views` shortcode in all versions up to, and including, 2.30.0. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
WordPress
XSS
PHP
-
CVE-2025-12355
MEDIUM
CVSS 5.3
No description was captured for this WordPress plugin entry (CVSS 5.3); the feed tags it as authentication bypass.
Authentication Bypass
WordPress
PHP
-
CVE-2025-12354
MEDIUM
CVSS 4.3
No description was captured for this WordPress plugin entry (CVSS 4.3); the feed tags it as authentication bypass.
Authentication Bypass
WordPress
-
CVE-2025-12191
MEDIUM
CVSS 5.4
The PDF Catalog for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pdfcatalog' AJAX action in all versions up to, and including, 1.1.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
WordPress
XSS
PHP
-
CVE-2025-12190
MEDIUM
CVSS 4.3
The Image Optimizer by wps.sk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the imagopby_ajax_optimize_gallery() function. This makes it possible for unauthenticated attackers to trigger bulk optimization via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CSRF
WordPress
PHP
-
CVE-2025-12189
MEDIUM
CVSS 4.3
The Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai agents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.10.1321.
CSRF
WordPress
RCE
-
CVE-2025-12186
MEDIUM
CVSS 4.4
The Weekly Planner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
WordPress
XSS
PHP
-
CVE-2025-12165
MEDIUM
CVSS 4.3
No description was captured for this WordPress plugin entry (CVSS 4.3); the feed tags it as authentication bypass.
Authentication Bypass
WordPress
-
CVE-2025-12163
MEDIUM
CVSS 6.4
The Omnipress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inje...
File Upload
WordPress
XSS
-
CVE-2025-12133
MEDIUM
CVSS 4.3
No description was captured for this entry in the EPROLO Dropshipping plugin for WordPress (CVSS 4.3); the feed tags it as authentication bypass.
Authentication Bypass
WordPress
-
CVE-2025-12130
MEDIUM
CVSS 4.3
The WC Vendors - WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.4. This is due to missing or incorrect nonce validation on the /vendor_dashboard/product/delete/ endpoint. This makes it possible for unauthenticated attackers to delete vendor products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CSRF
WordPress
PHP
-
CVE-2025-12128
MEDIUM
CVSS 4.3
The Hide Categories Or Products On Shop Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7. This is due to missing or incorrect nonce validation on the save_data_hcps() function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CSRF
WordPress
PHP
-
CVE-2025-12124
MEDIUM
CVSS 4.4
The FitVids for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
WordPress
XSS
PHP
-
CVE-2025-12093
MEDIUM
CVSS 5.3
No description was captured for this entry in the Voidek Employee Portal plugin for WordPress (CVSS 5.3); the feed tags it as authentication bypass.
Authentication Bypass
WordPress
-
CVE-2025-11759
MEDIUM
CVSS 4.3
The Backup, Restore and Migrate your sites with XCloner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.2. This is due to missing or incorrect nonce validation on the Xcloner_Remote_Storage:save() function. This makes it possible for unauthenticated attackers to add or modify an FTP backup configuration via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Successful exploitation allows an attacker to set an attacker-controlled FTP site for backup storage and exfiltrate potentially sensitive site data.
CSRF
WordPress
PHP
-
CVE-2025-10055
MEDIUM
CVSS 4.3
The Time Sheets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.3. This is due to missing or incorrect nonce validation on several endpoints. This makes it possible for unauthenticated attackers to perform a variety of actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CSRF
WordPress
PHP
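Most of the WordPress CSRF entries on this page (Time Sheets and XCloner directly above, and the ARK Related Posts, dream gallery, Norby AI, Quantic Social Image Hover, ContentStudio, Torod, Image Optimizer, WC Vendors and Hide Categories entries earlier) come down to one missing call: a state-changing handler that never verifies an action-bound nonce, so a forged cross-site form submitted by a logged-in administrator is accepted. The following is an added example, not WordPress's or any plugin's code. It models the shape of the nonce scheme (an HMAC over action, user, session and a time bucket, valid for the current and previous bucket) and a settings handler in the style of XCloner's FTP storage save that refuses requests without a valid token. The secret, session and field names are constructed.

```python
import hashlib
import hmac
import time

# Constructed secret; a real application loads this from configuration.
SERVER_SECRET = b"constructed-server-secret-not-for-real-use"
TOKEN_LIFETIME = 12 * 3600  # seconds per bucket; tokens live for 1-2 buckets


def _digest(action: str, user_id: int, session_id: str, bucket: int) -> str:
    """Token material: the action name is part of the MAC input, so a token
    minted for one form cannot be replayed against another handler."""
    msg = f"{action}|{user_id}|{session_id}|{bucket}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()[:16]


def make_token(action: str, user_id: int, session_id: str, now=None) -> str:
    """Embed the result in the form as a hidden field. A cross-site page
    cannot read it, which is the whole defence."""
    now = time.time() if now is None else now
    return _digest(action, user_id, session_id, int(now // TOKEN_LIFETIME))


def verify_token(token: str, action: str, user_id: int, session_id: str, now=None) -> bool:
    """Accept the current and the previous bucket so a form left open across
    a boundary still submits; compare in constant time."""
    now = time.time() if now is None else now
    bucket = int(now // TOKEN_LIFETIME)
    for b in (bucket, bucket - 1):
        if hmac.compare_digest(token, _digest(action, user_id, session_id, b)):
            return True
    return False


def save_ftp_settings(request: dict, session: dict, store: dict, now=None) -> str:
    """Settings handler. `request` models the POST fields, `session` the
    victim's logged-in session (its cookie is sent automatically, which is
    why CSRF works), `store` the persisted options. Token first, then the
    capability check: both are needed, the nonce does not replace
    authorization."""
    token = request.get("_token", "")
    if not verify_token(token, "save_ftp_settings", session["user_id"], session["id"], now=now):
        return "rejected: missing or invalid CSRF token"
    if not session.get("is_admin"):
        return "rejected: insufficient capability"
    store["ftp_host"] = request["ftp_host"]
    return "saved"
```

The XCloner entry shows why this matters beyond "settings were changed": an attacker-chosen FTP host receives the next backup. Any handler whose effect is worth forging needs the token check, and the token must be bound to the specific action so one leaked or guessed value does not unlock every form.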
-
CVE-2025-8148
MEDIUM
CVSS 4.2
An Improper Access Control issue in the SFTP service in Fortra's GoAnywhere MFT prior to version 7.9.0 allows Web Users who have an Authentication Alias and a valid SSH key, but are limited to password authentication for SFTP, to still log in using their SSH key.
Information Disclosure
Goanywhere Managed File Transfer
-
CVE-2025-6966
MEDIUM
CVSS 5.5
NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.
Null Pointer Dereference
Python
Denial Of Service
Ubuntu
Debian
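The python-apt entry is a parser that trusts its input's encoding: a deb822 field name that is not valid UTF-8 reaches code that assumes it is, and the process dies. The following is an added, pure-Python illustration of the hardened behaviour, not python-apt's code (which is a C extension): a small deb822 stanza parser that works on bytes, decodes field names and values as an explicit checked step, and turns malformed input into a structured error with a line number instead of a crash. The sample stanzas are constructed.

```python
# Constructed input: one well-formed stanza and one whose field name
# starts with bytes that are not valid UTF-8 (0xff 0xfe).
GOOD = b"Package: hello\nVersion: 2.10-3\nDepends: libc6 (>= 2.34)\n\n"
BAD = b"Package: evil\n\xff\xfeKey: value\n\n"


class Deb822Error(ValueError):
    """Raised for any malformed line; message carries the 1-based line."""


def _field_name(key_b: bytes, lineno: int) -> str:
    """deb822 field names are printable US-ASCII without space or colon and
    may not start with '#' or '-'. Decoding is checked, not assumed."""
    try:
        key = key_b.decode("utf-8")
    except UnicodeDecodeError as e:
        raise Deb822Error(f"line {lineno}: field name is not valid UTF-8") from e
    if (not key or not key.isascii() or not key.isprintable()
            or " " in key or key.startswith(("#", "-"))):
        raise Deb822Error(f"line {lineno}: invalid field name {key!r}")
    return key


def parse_deb822(blob: bytes) -> list:
    """Return a list of stanzas (dict of field -> value). Blank lines end a
    stanza; lines starting with space or tab continue the previous value."""
    stanzas, current, last_key = [], {}, None
    for lineno, raw in enumerate(blob.split(b"\n"), start=1):
        if raw.strip() == b"":
            if current:
                stanzas.append(current)
                current, last_key = {}, None
            continue
        if raw[:1] in (b" ", b"\t"):
            if last_key is None:
                raise Deb822Error(f"line {lineno}: continuation without a field")
            try:
                current[last_key] += "\n" + raw.decode("utf-8").strip()
            except UnicodeDecodeError as e:
                raise Deb822Error(f"line {lineno}: value is not valid UTF-8") from e
            continue
        key_b, sep, val_b = raw.partition(b":")
        if not sep:
            raise Deb822Error(f"line {lineno}: missing ':'")
        key = _field_name(key_b, lineno)
        try:
            value = val_b.decode("utf-8").strip()
        except UnicodeDecodeError as e:
            raise Deb822Error(f"line {lineno}: value is not valid UTF-8") from e
        current[key] = value
        last_key = key
    if current:
        stanzas.append(current)
    return stanzas


def keys_or_error(blob: bytes):
    """The TagSection.keys()-style call a caller actually wants: never
    propagates a decode error. Returns (list of key lists, None) on success
    or (None, message) on malformed input."""
    try:
        stanzas = parse_deb822(blob)
    except Deb822Error as e:
        return None, str(e)
    return [list(s.keys()) for s in stanzas], None
```

The design point is where the decode happens: on bytes, per field, inside a try. A parser that decodes the whole buffer up front with errors ignored hides the problem; one that assumes str and indexes into it is the kind that crashes.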
-
CVE-2016-20023
MEDIUM
CVSS 5.0
No description was captured for this CKSource CKFinder entry (CVSS 5.0); the feed tags it as information disclosure.
Information Disclosure
Ckfinder
-
CVE-2025-66629
LOW
CVSS 3.7
HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.4, some of HedgeDoc's OAuth2 endpoints for social login providers such as Google, GitHub, GitLab, Facebook or Dropbox lack CSRF protection, since they don't send a state parameter and verify the response using this parameter. This vulnerability is fixed in 1.10.4.
CSRF
Google
Gitlab
-
CVE-2025-66558
LOW
CVSS 3.1
Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing ownership check allowed an attacker to take away a victim's 2FA WebAuthn device by correctly guessing an 80-128 character random string of letters, numbers and symbols. The victim would then be prompted to register a new device on the next login. The attacker cannot authenticate as the victim. This vulnerability is fixed in 1.4.2 and 2.4.1.
Authentication Bypass
Nextcloud
-
CVE-2025-66556
LOW
CVSS 3.5
Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and 21.1.2.
Authentication Bypass
Nextcloud
-
CVE-2025-66554
LOW
CVSS 3.5
Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5.5.4, 6.0.6, and 7.2.5, a malicious user was able to modify their organisation and title fields to load additional CSS files. JavaScript and other options were correctly blocked by the content security policy of the Nextcloud Server code. This vulnerability is fixed in 5.5.4, 6.0.6, and 7.2.5.
XSS
Nextcloud
-
CVE-2025-66549
LOW
CVSS 2.4
Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is fixed in 3.16.5.
Information Disclosure
Ubuntu
Debian
Nextcloud
-
CVE-2025-66548
LOW
CVSS 3.3
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extensions could be spoofed using RTLO (right-to-left override) characters, tricking users into downloading files with a different extension than the one displayed. This vulnerability is fixed in 1.12.7, 1.14.4, and 1.15.1.
Information Disclosure
Nextcloud
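The Deck entry is the right-to-left-override trick: a name such as invoice_<U+202E>fdp.exe is stored as an .exe but a bidi-aware renderer displays the reversed tail, so the user reads invoice_exe.pdf. The following is an added example, not Nextcloud's code, of the three checks a file-handling UI or upload pipeline wants: find bidi control characters in a name, compute the extension the operating system will actually act on, and produce a display name that cannot be reordered. The sample filename is constructed.

```python
import unicodedata

# Unicode bidi controls that change how a string is displayed. RLO/LRO
# (U+202E/U+202D) are the classic extension-spoofing characters; the
# embeddings and isolates are their relatives and get the same treatment.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",   # LRE RLE PDF LRO RLO
    "\u2066", "\u2067", "\u2068", "\u2069",             # LRI RLI FSI PDI
}


def bidi_controls_in(name: str) -> list:
    """Return (index, 'U+XXXX', Unicode name) for each bidi control found,
    in order; an empty list means the name renders in logical order."""
    return [
        (i, f"U+{ord(c):04X}", unicodedata.name(c))
        for i, c in enumerate(name)
        if c in BIDI_CONTROLS
    ]


def strip_bidi(name: str) -> str:
    """Remove the controls, leaving the logical-order characters."""
    return "".join(c for c in name if c not in BIDI_CONTROLS)


def true_extension(name: str) -> str:
    """The extension the OS sees: text after the last '.' of the logical
    string, lower-cased, with bidi controls removed first."""
    logical = strip_bidi(name)
    return logical.rsplit(".", 1)[1].lower() if "." in logical else ""


def display_safe_name(name: str) -> str:
    """Name to show in a UI: controls removed, and an explicit marker when
    something was removed so the alteration is visible to the user."""
    cleaned = strip_bidi(name)
    return cleaned if cleaned == name else cleaned + " [bidi control removed]"
```

Stripping on display is the minimum; many deployments also reject uploads whose names contain these characters outright, since there is no legitimate reason for a filename to carry a directional override.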
-
CVE-2025-66546
LOW
CVSS 3.3
Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blind booking of appointments by sequential ID without knowing the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1.
Authentication Bypass
Nextcloud
-
CVE-2025-66545
LOW
CVSS 3.5
No description was captured for this Nextcloud entry beyond a reference to "a group or team" (CVSS 3.5); a vendor patch is available.
Information Disclosure
Nextcloud
-
CVE-2025-66544
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-66543
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-66542
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-66541
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-66540
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-66539
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-66538
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-66537
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-66536
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-66515
LOW
CVSS 2.7
The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow could set another user's file to the "pending approval" state without having access to the file, by using its numeric file id. This vulnerability is fixed in 1.3.1 and 2.5.0.
Authentication Bypass
Nextcloud
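The Approval entry above, the Talk poll-draft entry (deletion by numeric ID), the WebAuthn device take-over, the Calendar blind-booking issue and the youlai-mall orderId entry further up are all object-level authorization failures: the handler resolves an identifier and acts on the object without asking whether the caller may. The following is an added example, not Nextcloud's or youlai-mall's code, showing the pattern in both forms: a numeric-id operation that is gated on ownership or share (with an identical response for "not found" and "not yours", so ids cannot be enumerated), and a capability-token operation for the calendar case where possession of an unguessable token is the authorization. Record shapes and names are constructed.

```python
import hmac
import secrets
from dataclasses import dataclass, field


class Forbidden(Exception):
    pass


@dataclass
class FileRecord:
    id: int
    owner: str
    shared_with: set = field(default_factory=set)
    status: str = "none"


@dataclass
class Appointment:
    id: int
    token: str            # unguessable capability handed to the invitee
    booked_by: str = ""


class Service:
    def __init__(self):
        self.files = {}
        self.appointments = {}

    def add_file(self, rec: FileRecord) -> None:
        self.files[rec.id] = rec

    def can_read(self, actor: str, rec: FileRecord) -> bool:
        return actor == rec.owner or actor in rec.shared_with

    def request_approval_vulnerable(self, actor: str, file_id: int) -> str:
        """Resolves the numeric id and mutates the record without asking
        whether `actor` may see it: the shape of the Approval-app bug."""
        rec = self.files[file_id]
        rec.status = "pending"
        return rec.status

    def request_approval(self, actor: str, file_id: int) -> str:
        """Fixed form: authorize on the object, and do not distinguish
        'no such id' from 'not yours' in the response."""
        rec = self.files.get(file_id)
        if rec is None or not self.can_read(actor, rec):
            raise Forbidden("no such file")
        rec.status = "pending"
        return rec.status

    def create_appointment(self, appointment_id: int) -> str:
        """Sequential ids are fine to expose only if a secret token is
        required alongside them; mint one per appointment."""
        token = secrets.token_urlsafe(32)
        self.appointments[appointment_id] = Appointment(appointment_id, token)
        return token

    def book_appointment(self, actor: str, appointment_id: int, token: str) -> Appointment:
        """Booking requires the token; guessing the id alone is not enough."""
        appt = self.appointments.get(appointment_id)
        if appt is None or not hmac.compare_digest(appt.token, token):
            raise Forbidden("no such appointment")
        if appt.booked_by:
            raise Forbidden("already booked")
        appt.booked_by = actor
        return appt
```

The two halves correspond to the two ways these bugs get fixed: when the object has an owner, check the caller against it on every mutation; when it is deliberately reachable by outsiders (an appointment link), make the identifier itself unguessable or pair the guessable id with a secret, and compare that secret in constant time.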
-
CVE-2025-66514
LOW
CVSS 3.5
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app's message list allowed an authenticated user to inject HTML into email subjects. JavaScript was correctly blocked by the content security policy of the Nextcloud Server code.
XSS
Nextcloud